Protecting your organisation from cyber attacks By Jonathan Taylor, Head of Charities and Care, Innovation Broking Published: 26 October 2018 Who are we? Innovation Broking are a fully-fledged member and corporate supporter of AMRC. We are an independent insurance broker who specialise in charities and tech risks and we support our chosen sectors with advice and guidance, helping to mitigate emerging risks – not your typical insurance broker! After kicking off our partnership with AMRC, Innovation Broking offered to host the inaugural Finance Director member group meeting. This breakfast session took place at our London offices on Wednesday 17 October. Innovation Broking and AMRC were joined by Dr Danny Steed of ReSolve Cyber. ReSolve are our cyber partner and Dr Danny Steed has a wealth of experience including working for central government in cyber security. Why Cyber? Cyber is without doubt the buzz insurance topic of the moment for all organisations including charities. AMRC members hold and handle a huge amount of data, some of which is highly sensitive. From service user medical records to breakthrough IP, protecting your data is on every AMRC member's risk register I am sure. The Cyber Security Breaches survey in 2017 suggests that 46% of UK businesses have suffered at least one cyber security breach or attack in the last 12 months. Moving into October 2018 The National Cyber Security Centre (NCSC) recently published its report for their first 2 years of operating. They have in those 2 years defended over 1,100 cyber attacks. That equates to more than 10 attacks a week. Research shows that hostile nation states are behind the majority of these attacks. It really is a case of when your charity will be the victim of a cyber attack or incident. For this reason, Innovation Broking felt a real-life scenario of a cyber attack would be the most useful and practical way for us to educate and support the AMRC members. The session ran through a similar scenario to the NHS WannaCry ransomware attack. The dreaded red screen hits your inbox, what do you do! Innovation Broking and ReSolve took AMRC members through what will happen, what you should do and discussed in detail some of the moral and ethical dilemmas such as do you pay the ransom and what do you let your supporters/beneficiaries know and when. It was an interactive session which left all attendees with plenty of food for thought. Why the pants? As part of the workshop attendees had asked for a “top tips” and advice, and these are repeated below for wider use. Innovation Broking and AMRC has agreed it would be also great so share these tips with other members who could not make the session. One of the tips you can see below includes a tip around password management and in order to enhance the point and make members remember we used an analogy of pants! I am not sure what was worse googling men’s pants on my Innovation Broking laptop or AMRC’s Events Lead Gill’s face when she opened my emailed article with a pair of men’s pants staring back at her on the screen! Jokes aside these top tips have been verified by a number of cyber experts including Dr Danny Steed and will go some way to help mitigate your cyber risk. Ban access to the dark web on your system. Talk to your IT provider and make sure that your system is configured to ban access to TOR. It’s as easy as banning access to Facebook. Test your back- ups. Do they really work? When were they last backed up? Treat your passwords like your underwear. Never share them, change them regularly, keep them off your desk. Have a password culture. Start with you – use a free password manager like LastPass. Infect your colleagues with your password culture till they all take it seriously. Don’t use free coffee shop Wi-Fi. Its potentially lethal to use public Wi-Fi, and easy to use the hot spot on your phone instead. (You need an unlimited data package though) Check your insurance covers Phishing and ICO notification costs. Email [email protected] for Innovation Broking to arrange a free review of your cyber insurance Innovation Broking are very pleased to be an AMRC member and are always happy to offer support on cyber risks or any other charity risk you may be concerned around. About Innovation Broking Innovation Broking team is headed up by Jonathan Taylor, with over 7 years’ experience in supporting a number of the top 200 charities in the UK Jonathan and the team are well placed to offer advice. Innovation Broking are working with AMRC to offer a number of educational platforms in order to protect your charity as best you can.